Block IP if triggered a critical modsecurity rule repeatedly

ibrahimhajjaj

• March 04, 2020 03:56

Hello World, [COLOR=rgb(44, 130, 201)]I want to automate IP blocking if certain IP keep trigger CRITICAL modsecurity rule! [COLOR=rgb(184, 49, 47)]e.g: IP 1.1.1.1 have triggered more than 10 critical rule in a day = action: IP block [COLOR=rgb(0, 0, 0)]Best Regards[COLOR=rgb(0, 0, 0)]

• 

  cPanelLauren

  • March 04, 2020 18:51

  You would need to edit the rule or add a new one, the documentation here may be helpful: ModSecurity Tools | cPanel & WHM Documentation as well as modsecurity's own documentation here Making Rules " OWASP CRS Documentation 3.0.0-rc1 documentation

  0
• 

  PlotHost

  • June 07, 2020 11:54

  You can consider this option in csf [QUOTE]#

  Enable failure detection of repeated Apache mod_security rule triggers
  

  0

Please sign in to leave a comment.